Why Do Businesses Need to Do KYC AML Checks?

Why Do Businesses Need to Do KYC AML Checks?

The UK is a major international financial and legal hub of the world, regulated by the European Union (EU) 5th Money Laundering Directive (5th MLD).

Although the UK left the EU on the 31st January 2020, the government is still committed to transposing the AML/CFT standards set out in EU’s 5th anti-money laundering directives.

To reduce your risk of non-compliance, if you are operating in the UK should understand UK anti-money laundering laws, familiarise with the relevant financial authorities, and implement a suitable compliance policy.

KYC & AML checks: What’s the difference?

AML (Anti-money laundering) and KYC Know your customer (KYC) are two terms that are synonymous with the financial world. These terms are often used interchangeably; however, these are two distinct terms that refer to different checks and processes.

What is KYC?

Know Your Customer (KYC) can be defined as the process of verifying a customer’s identity. For this, a client would need to provide their credentials, such as their name, address, and identity documents. This is often done before a business relationship is established in order to prevent fraud and identity theft. KYC, or performing customer due diligence (CDD), should be performed regardless of whether AML regulations exist.

What is AML?

On the other hand, AML checks involve checking for and reporting suspicious activity, including predicate offences to money laundering and terrorist financings, such as securities fraud and market manipulation. AML compliance is a regulatory requirement that applies to banks, building societies, and credit unions. They also apply to other firms undertaking certain financial activities (see Schedule 2 of the regulations).

In both cases, we need to know our customers to establish and verify facts and behaviours on an ongoing basis.

What is the current law concerning AML and KYC?

On the 3rd of December 2020, the EU’s 6th Anti-Money Laundering Directive (6AMLD) came into force. Building on its predecessors, the 4AMLD and 5AMLD, the 6th AMLD provides a more harmonious definition of the term ‘money laundering’ as well as a more detailed list of offences that constitute as money laundering, such as concealing the source of illicit gains.

Additionally, criminal liability will not only apply to those who profit from money laundering directly but also to individuals and companies who enable money laundering.

What’s more, harsher punishments have also come into force under the 6th AMLD. The minimum prison sentence for individuals has been raised from 1 to 4 years. Companies convicted of money laundering can expect penalties such as fines (in addition to current punishments).

When to perform KYC and AML?

When you establish a new business relationship with a customer and before any exchange of money, you must perform the appropriate client due diligence to ensure AML compliance.

There are four primary objectives when gathering KYC information, using a risk-based approach:

  • Identify the customer
  • Verify the client’s true identity
  • Understand the customer’s activities and source of funding
  • Monitor the customer’s activities

While there are a number of high-quality free sources of information, such as search engines or public databases, finding exactly what you need from this vast range of resources is incredibly time-consuming. This simply isn’t a feasible long-term approach for any business that values speed, efficiency and scalability, which is why many regulated firms invest in Regulatory Technology (RegTech) to help deliver improved operational efficiency.

To continue to ensure you meet 5th MLD compliance regulations it is integral that you monitor changes in your clients’ risk status on an ongoing basis. Changes include:

  • New legal events, ie. the appointment of administrators
  • Change in credit rating
  • New beneficial ownership
  • Appointment of new directors
  • New adverse media

The importance of client due diligence

To ensure that KYC and AML checks are performed thoroughly, companies need to undertake due diligence on new clients. Due diligence is the process of taking steps to identify your customers and verify that they are who they claim to be in order to ensure compliance and to guard against financial crime scandals.

As part of the due diligence process, a thorough KYC audit serves to accurately verify customers and to help flag any warning signs of unusual activity. During the process, personal information and business data, such as the name, date of birth, residential address and photo identification of the customer, should be recorded and evaluated, and transactions examined to detect possible issues.

In cases where an individual is acting on behalf of another party in a transaction, or you need to establish the ownership structure of an organisation, you will also need to identify the ‘beneficial owner’. This will be the person behind the customer or the person on whose behalf the transaction is carried out.

Enhanced due diligence: Going a step further

There are also cases where due diligence will need to be particularly thorough, called enhanced due diligence. In these cases, additional customer checks will need to be carried out, including obtaining further information to confirm a customer’s identity, checking documents supplied by financial institutions with added care and making sure that the first payment is made from an account in the customer’s name. You will also need to carry out enhanced due diligence:

  • When a customer is not physically present
  • When you deal with individuals from a high-risk third country
  • Where there’s a higher risk of money laundering
  • When you enter into a relationship with a politically exposed person (PEPs)

Politically exposed persons (such as an MP, head of state, or a government minister and their family and associates) are at particular risk of corruption and bribery. Thus, they must be subjected to additional checks in the guise of PEPs and Sanctions checks.

Therefore, before engaging in a business relationship with these people, companies must be particularly vigilant and ensure that senior management approves the relationship, establishes the origin of wealth and funds, and strictly monitors the business relationship.

What happens if AML and KYC checks are not carried out?

Failing to carry out the required AML and KYC checks can result in penalties by the Financial Conduct Authority and His Majesty’s Revenue.

The Financial Conduct Authority is the UK’s main financial services regulator with authority over banks, building societies, credit unions and other firms engaging in financial activities. The FCA oversees compliance with AML regulations in the UK and has the power to investigate money laundering and terrorism financing offences in conjunction with other law enforcement agencies and authorities, such as the Crown Prosecution Service (CPS). All banks and financial institutions in the UK must register with the FCA.

His Majesty’s Revenue and Customs shares the responsibility to investigate money laundering offences with the FCA. In addition to the FCA and HMRC, the power to enforce money laundering regulations in the UK is shared by the National Crime Agency (NCA) and the Serious Fraud Office (SFO), both of which have the power of arrest and can seek warrants and court orders. UK AML/CFT authorities also have the power to freeze and confiscate assets that they suspect are involved in money laundering, terrorism financing or other criminal activities.

In summary

Achieving compliance with UK AML/CFT requires significant administrative effort and the analysis of large amounts of transaction data. To avoid human error and potential compliance penalties, many firms automate AML processes with a range of smart technology tools. Automation not only adds speed, accuracy and efficiency to AML; it also helps firms adapt to new regulations and continue to deliver the highest standard.

Last updated: Monday 16th October 2023

Blog call to action - demo
Comments are closed.